Synopsis
In the realm of cyber security, practitioners must grapple with a constantly evolving threat and exposure landscape. Increasingly, however, practitioners and the organisations they work for must also be mindful of the legal and regulatory consequences of malicious intrusions, and of the issues that can arise from cyber events, which increase the risk of regulatory investigations, enforcement actions, civil claims and class actions.
Under most of the civil and regulatory regimes seen across the region, an organisation is required to take “reasonable steps” to protect personal information, promote data security within the organisation, or protect the business and key stakeholders from cyber exposures. A central component of managing potential legal risk is understanding the requirements that regulators and the courts are likely to adopt when assessing what constitutes “reasonable steps”, and how an organisation is likely to be exposed where it has not made sufficient investments in people, processes and technology.
Key concepts that will be explored in this session include how the duty of care and other obligations that an organisation owes are likely to be shaped, the role that frameworks and standards are likely to play in determining the standard of reasonable care, and where proactive approaches are likely to be required that go beyond compliance with standards and technical assessments against them. The session will also examine how wider issues, such as organisational culture and leadership behaviours, influence legal risk in the context of cyber security. These issues will be contextualised with both Australian and international case studies, along with guidance on practical steps that organisations can take to better protect themselves through both legal risk management and holistic cyber security strategies.